Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pulse Secure Access SSL VPN SA-4000 安全漏洞
Vulnerability Description
Pulse Secure Access SSL VPN SA-4000是美国Pulse Secure公司的一款VPN设备。该产品主要为中小企业提供远端安全存取解决方案。 Pulse Secure Access SSL VPN SA-4000 5.1R5 (build 9627)版本和4.2 Release (build 7631)版本中存在安全漏洞,该漏洞源于程序没有进行恰当的权限控制。攻击者可利用该漏洞提升权限,更改管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A